I was wondering if someone could explain the protected rules at the top of the LS configuration, and why I would enable or disable them?

What are ICMP/UDP incoming connections? I know the right hand side of the LS configuration provides a little explanation for both, but I would like some more information on it. Would my internet experience suffer if I were to disable them? What's the risk, in terms of malware/remote access, if I kept them enabled?

Also - allowing outgoing or incoming connections to my local network - why would I or wouldn't I need to do that? Does it open me up to infecting my system if other machines on the network are infected (especially if I'm using public wi-fi)? I'm on the home wi-fi and I tried testing it out just then by disabling the incoming connections from local network rule. Within 5 minutes LS notified me that my MacBook (system, not me) tried to establish incoming connections to mDNSResponder, port 5353:

- from the IPv4 address associated with my MacBook on the home wifi
- from fe##::####:#$$$:$$$#:##$$
- from fe##::$$$$:##$$:$$#$:##$#

(I figured I should disguise it just in case? Anyway, hashes are numbers, dollar signs are letters)

I feel comfortable using LS but my knowledge of networking/IP stuff is basic at best, so I need some assistance in understanding the protected rules.

The explanations are that I really hope someone, besides telling what each connection is, does something about it. Then tell me exactly what each rule is for, despite their being "Protected Rules". If you do not want a connection or service on my system or systems, then I do not want that connection. I would like the ability to know what every single rule and process does. If anyone has a list of all Mac connections and the processes associated with them, please post them here or share them via a link in a reply. Thanks in advance.

jumboconcussion wrote:I was wondering if someone could explain the protected rules at the top of the LS configuration, and why I would enable or disable them?

What are ICMP/UDP incoming connections? I know the right hand side of the LS configuration provides a little explanation for both, but I would like some more information on it. Would my internet experience suffer if I were to disable them? What's the risk, in terms of malware/remote access, if I kept them enabled?

Simple question, complex answers.

It depends on your configuration and usage. The short answer is to allow what you need, and block everything else. Testing can be done by blocking a particular connection and finding out what happens - if nothing breaks then the connection wasn't necessary and it might as well be blocked. If something doesn't work anymore, the purpose of the connection is revealed.

Also - allowing outgoing or incoming connections to my local network - why would I or wouldn't I need to do that? Does it open me up to infecting my system if other machines on the network are infected (especially if I'm using public wi-fi)? I'm on the home wi-fi and I tried testing it out just then by disabling the incoming connections from local network rule. Within 5 minutes LS notified me that my MacBook (system, not me) tried to establish incoming connections to mDNSResponder, port 5353:

- from the IPv4 address associated with my MacBook on the home wifi
- from fe##::####:#$$$:$$$#:##$$
- from fe##::$$$$:##$$:$$#$:##$#

Port 5353 is used by mDNSResponder for Bonjour and what's called "advertising services". I'm not sure exactly what that means, other than communication between network devices. People disabling mDNSResponder's Bonjour functions find that the network printer won't work, for instance.

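To make "advertising services" concrete, here is an added example (my own code, not from this thread and not part of Little Snitch): a small decoder for the DNS wire format that mDNSResponder speaks on port 5353, fed a constructed Bonjour response announcing an IPP printer, plus a classifier for the sender address that models the "incoming connections from local network" rule as deny-by-default. The packet, the printer name and the sample addresses are all constructed here; reading the poster's masked `fe##::` addresses as link-local `fe80::/10` is my assumption.

```python
"""Decode an mDNS (UDP 5353) service advertisement and classify its sender.

Added example for this thread; not Little Snitch code. Everything below is
constructed locally so it runs offline.
"""
import ipaddress
import struct

MDNS_PORT = 5353
TYPE_A, TYPE_PTR, TYPE_AAAA = 1, 12, 28


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending with a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_ptr_advertisement(service="_ipp._tcp.local", instance="Office Printer", ttl=4500):
    """Constructed mDNS response with one PTR record: 'this service exists here'.
    Header: id 0, flags 0x8400 (response + authoritative), 0 questions, 1 answer.
    The PTR target reuses the owner name via a compression pointer to offset 12."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)
    owner = encode_name(service)                      # begins at offset 12
    rdata = bytes([len(instance)]) + instance.encode("ascii") + b"\xC0\x0C"
    rr = owner + struct.pack("!HHIH", TYPE_PTR, 1, ttl, len(rdata)) + rdata
    return header + rr


def decode_name(data, offset):
    """Read a possibly compressed name; return (name, offset after the name).
    A self-referencing pointer would loop forever, so jumps are bounded."""
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer
            if offset + 2 > len(data):
                raise ValueError("truncated pointer")
            jumps += 1
            if jumps > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2                      # resume after the pointer
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        label = data[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_mdns(data):
    """Return header flag, questions and resource records of one mDNS packet."""
    if len(data) < 12:
        raise ValueError("truncated header")
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset, questions, records = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        qtype, _ = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append({"name": name, "type": qtype})
    for _ in range(an + ns + ar):
        name, offset = decode_name(data, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated record")
        if rtype == TYPE_PTR:                         # service -> instance name
            value, _ = decode_name(data, offset)
        elif rtype == TYPE_A:
            value = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA:
            value = str(ipaddress.IPv6Address(rdata))
        else:
            value = rdata.hex()
        offset += rdlen
        records.append({"name": name, "type": rtype, "ttl": ttl, "value": value})
    return {"is_response": bool(flags & 0x8000), "questions": questions, "records": records}


def classify_source(addr):
    """Bucket a sender: loopback, link-local (fe80::/10, 169.254/16), private, global."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "global"


def local_network_policy(src_addr, dst_port):
    """Illustrative deny-by-default rule (my simplification, not Little Snitch's
    semantics): accept traffic to 5353 only from link-local or private senders."""
    return dst_port == MDNS_PORT and classify_source(src_addr) in ("link-local", "private")


if __name__ == "__main__":
    pkt = build_ptr_advertisement()
    print(parse_mdns(pkt))
    for src in ("fe80::1", "192.168.1.20", "8.8.8.8"):
        print(src, classify_source(src), local_network_policy(src, MDNS_PORT))
```

The PTR record is the "advertisement": a device multicasts `_ipp._tcp.local -> Office Printer._ipp._tcp.local` so that neighbours can discover the printer, which is why blocking mDNSResponder breaks printer discovery. The address classifier is the part that matters for the rule question: senders that are link-local or on a private range are what the "local network" rule covers, and a bounded pointer loop plus length checks are the minimum a parser needs before it is safe to run on packets it did not construct itself.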

I find the mDNSResponder port 5353 is used for hackers to gain access to your Mac via your network devices. This is happening to me via my iPad and Android streaming devices in my home. Has happened through my wireless router too. It can happen through my iPhone also, just not right now. He can change my Apple ID passwords by remotely accessing my iPad and going to iCloud and going to change your password. Lesson learned hard. Don't jailbreak your devices.

There are ways to get you without jailbreaking, and that's going straight through your network or Bluetooth, but unless they are next door like my hacker is, that isn't likely. I got Little Snitch for just this reason. I block everything until I look it up: auto-deny everything, go back and fix later. Do a Whois on the domain name that's trying to open and do a traceroute, or even search for the site on Google and see what you find. You can usually get a hint what you want to deny.

In the trial and error period I have had to turn my network connection off, securely erase my drive and start over because I didn't know what to block and my hacker got in. I have that fixed now. Good luck to each of you in your endeavor to stay safe on the internet.

I agree with the above. DNS and mDNS ports are a common route for hackers to gain access to your network because it is almost certain that a network will have that port open or filtered. I found that setting DNS server addresses at gateway level and then using Little Snitch to block all communication by mDNSResponder except directly with your gateway IP address was the most secure I could come up with.

It sounds like I have a similar 'hacker next door' to the person above and I in fact did those same steps to get a better understanding. It's a tedious process, and it's made more frustrating by the fact Little Snitch doesn't block connections through Bluetooth as mentioned, but if you start by blocking all IPv6 traffic in and out it will be much less overwhelming!

FYI - I found it's also common that a hacker might try to gain access to a network through broadcast addresses and IPv6, which are often ignored by routers' built-in firewalls.